Considered one of the UK’s biggest hacks in 2015, the company disclosed a "significant and sustained cyber-attack" in October during which details from 156,959 customer accounts were exposed including 15,656 customer's sort codes and bank account numbers. The lost data had not been encrypted, but the company were not legally required to encrypt it at that time.
In October 2016, the company was fined a record £400,000 fine for its negligence on securing clients' data by the UK's Information Commissioner's Office. The company claimed that the attack cost them £42 million and that 101,000 customers left due to the attack.
It was initially thought the hackers were part of an Islamist group based in Russia, before several people in the UK were arrested in relation to the attack.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions